So, I have a few services (Jellyfin, Home Assistant, etc) that I am running, and have been acessing via their IP’s and port numbers.
Recently, I started using NGINX so that I could setup entries in my Pi Hole, and access my services via some made up hostname (jellyfin.home, homeassistant.home, etc).
This is working great, but I also own a few domains, and thought of adding an SSL cert to them as well, which I have seen several tutorials on and it seems straight forward.
My questions:
-
Will there be any issues running SSL certs if all of my internal service are inward facing, with no WAN access? My understanding is that when I try to go to jellyfin.mydomainname.com, it will do the DNS lookup, which will point to a local address for NGINX on my network, which the requesting device will then point to and get the IP of the actual server.
-
Are there risks of anything being exposed externally if I use an actual CA for my cert? My main goal is to keep my home setup off of the internet.
Hey, I advocate https even for LAN only, most people don’t think about the Wifi attack vector. That’s why I use self signed certs on my LAN stuff, I just don’t care about that yellow padlock that disappears when I trust the website. I’ve only experienced a single app ever that didn’t accept self-signed (I’m looking at you wallabag app).
I can understand how it would be different if family members suddenly starts asking if it’s true when their devices tell them the webside is potentially dangerous.
People… watching money?